On Sat, 2014-03-08 at 22:41 +0100, Jens Lechtenboerger wrote:
> Hi there,
>
> I just realized that gnutls-cli (3.2.12.1) prefers
> cipher suites without DHE over those with DHE, e.g.:
> TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) is preferred to
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033).
>
> I was hoping for forward secrecy with Diffie-Hellman by default,
> which I now must enable explicitly with option --priority=PFS.
> Is there a reason for this preference?

Yes. The problem with DHE ciphersuites is that they don't negotiate the acceptable security level; thus when a client prioritizes DH and receives unacceptable DH parameters, it can only terminate the session with an error. This makes gnutls incompatible with these servers (there are quite some misconfigured servers like that), so gnutls prioritizes by default ECDHE, and RSA over DHE to promote compatibility.

regards,
Nikos
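
The trade-off described in the reply, as an added example that is not part of the original thread and is not GnuTLS code: a simplified model of suite selection showing why ranking RSA above DHE keeps a connection alive against a server with weak DH parameters, at the cost of forward secrecy. The server suite list, the 768-bit and 1024-bit sizes, and the rule that the server follows the client's order are assumptions made for illustration.

```python
# Simplified model of TLS suite selection; illustration only, not GnuTLS code.
# Assumption: the server picks the first suite in the client's order it supports.

DEFAULT_ORDER = [  # ECDHE, then RSA, then DHE, as described in the reply
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
]
DHE_FIRST_ORDER = [  # hypothetical client that ranks DHE above plain RSA
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# Constructed sample: a legacy server without ECDHE support.
LEGACY_SERVER = {
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
}


def forward_secret(suite):
    """True for ephemeral (EC)DH key exchange."""
    return "_DHE_" in suite or "_ECDHE_" in suite


def handshake(client_order, server_suites, server_dh_bits, client_min_dh_bits):
    """Return (outcome, chosen_suite, forward_secrecy)."""
    chosen = next((s for s in client_order if s in server_suites), None)
    if chosen is None:
        return ("fail: no common suite", None, False)
    # Per the reply, DHE suites do not negotiate the acceptable security
    # level: the client sees the DH parameters only after the suite is
    # fixed, so its only option on weak parameters is to abort.
    if "_DHE_" in chosen and server_dh_bits < client_min_dh_bits:
        return ("fail: DH parameters too small", chosen, False)
    return ("ok", chosen, forward_secret(chosen))


if __name__ == "__main__":
    for name, order in (("default", DEFAULT_ORDER), ("DHE first", DHE_FIRST_ORDER)):
        for bits in (768, 2048):  # constructed server DH prime sizes
            print(name, bits, handshake(order, LEGACY_SERVER, bits, 1024))
```
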
